EP2137665A1 - Authentication method and token using screen light for both communication and powering - Google Patents

Authentication method and token using screen light for both communication and powering

Info

Publication number
EP2137665A1
Authority
EP
European Patent Office
Prior art keywords
token
solar cells
server
array
otp
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
EP07856597A
Other languages
German (de)
French (fr)
Other versions
EP2137665B1 (en)
Inventor
Luca Ghislanzoni
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
C-SIGMA S.R.L.
KOROTEK S.R.L.
Original Assignee
Korotek Srl
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Korotek Srl
Publication of EP2137665A1
Application granted
Publication of EP2137665B1
Current legal status: Active
Anticipated expiration

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44 Program or device authentication
    • G06F21/445 Program or device authentication by mutual authentication, e.g. between devices or programs
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/34 User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • G06F21/35 User authentication involving the use of external additional devices, e.g. dongles or smart cards communicating wirelessly
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2129 Authenticate client device independently of the user
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y04 INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
    • Y04S SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
    • Y04S40/00 Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
    • Y04S40/20 Information technology specific aspects, e.g. CAD, simulation, modelling, system security

Definitions

  • the present invention describes a method and an apparatus to authenticate a user's identity, for gaining access to sensitive data and-or applications in a secure way, but without the need to insert the device into readers of any sort.
  • Typical applications would for example be: internet remote shopping, remote home-banking and financial transactions, access to virtual private networks (VPNs), etc.
  • the apparatus would be integrated into a conventional credit card, as to enhance security while using said credit card for payment authorisation.
  • Several devices, known as authentication tokens, are commercially available which already feature similar functions, although obtained by other means.
  • RSA Security Inc. and TRI-D Systems Inc. offer authentication tokens which generate One Time Passwords (OTPs), typically displayed on a Liquid Crystal Display (LCD), for authenticating a user identity when the user initiates a session to connect to a secure server from a client application.
  • Existing authentication tokens generate OTPs in various ways.
  • a very common way, herewith called "Current Time Encryption", consists in encrypting the token's clock 64-bit standard ISO representation of Current Time, by means of a token specific true Random Seed and a token specific Salt (practically a serial number), both known also to the secure server the client is trying to gain access to, to then generate an OTP about every 60 seconds (an example is the SecurID® token from RSA Security Inc.).
  • the user identity is then verified at the secure server side.
  • the server would then include procedures to correct for token's clocks running slower or faster than its own Current Time clock.
  • Another known way, herewith called "Challenge Code Encryption", would make use of a keypad on the authentication token itself, by means of which a user can enter a one time Challenge Code sent by the server and displayed, for example, on the login page of the service the user is trying to gain access to.
  • the token then encrypts said Challenge Code with a token specific true “Random Seed” and a token specific Salt, both also known to the secure server that the client is trying to gain access to, displaying then the resulting OTP on the LCD.
  • the user identity is then verified at the secure server side.
  • yet another method would get away with the need for encryption algorithms at the token's side by simply storing in the token's EEPROM a lookup table containing several random OTPs, known only to the server and the token itself. At each login the server would then ask for the OTP stored at location x, which the token will then readily display.
  • the method and device disclosed by this patent can be used to implement "Current Time Encryption” and-or “Challenge Code Encryption” and-or “OTPs Table” types of authentication, whatever the choice of the detailed encryption algorithm.
  • a typical embodiment would consist in a credit card size token, featuring on one side an array of solar cells (for example of the photovoltaic type), and on the other side a display device (ideally, of a thin and flexible type).
  • the server displays a Challenge Code (or Current Time for the "Current Time Encryption” method), encoded in a sequence of bright and dark rectangles, which are then shown in an area of the screen approximately the size of a credit card.
  • D1, "Portable Access Device", Bloomberg LP, February 13, 2004, discloses (Fig. 6) a portable access device capable of reading, by means of photosensors, modulated light signals from a computer monitor.
  • D2, "Solar Cell Powered Smart Card with Integrated Display and Interface Keypad", Motorola Inc., July 7, 1998, discloses a smart card including an MPU, a display, a keypad, an interface for signals exchange with an external system, and photovoltaic cells for providing power.
  • D4, "IC Card Having Energy Input and Data Exchange Elements on Opposite Sides Thereof", T. Anegawa, December 18, 1990, discloses an IC Card featuring one main surface with solar cells to generate power, and the other main surface with semiconductor photo-elements for contactless data exchange with an external reader.
  • the device described in D1, although capable of decoding light modulated signals conveyed by images displayed on a PC monitor, does so by means of photosensors and still requires a battery for powering the signal conditioning and processing electronics.
  • D3, D4, and D5 all describe cards whereby optical means are used for both supplying energy to the card's circuitry, as well as for establishing data communication paths. However, for card interrogation and-or data exchange, they all require the card to be inserted in a suitable card reader specific to that particular type of card.
  • the present invention instead, obtains similar capabilities by introducing a novel way to interrogate the authentication card, whereby the card is laid against an image on a computer screen, or other type of terminal, and whose light output is used both to supply energy to the card's internal circuitry, as well as to encode server's requests.
  • a very convenient way to generate said sequence of images would consist in merging into a standard GIF animation a sequence of white rectangles suitably interleaved with black rectangles, but other equally effective methods can easily be imagined by the skilled in the art.
  • the home banking service would ask for Alice's User ID, which Alice would enter to gain access to a login page of the kind shown in Figure 1a.
  • an area of approximately the size of a credit card displays a rapid sequence of bright images interleaved by dark ones, in a suitable way to encode the "Current Time” as broadcasted by the server (typically, with updates about every minute), or to encode a suitably generated one-time "Challenge Code", that could also be periodically updated and broadcasted to all users, or could otherwise be specific to each user (depending on the details of the specific encryption algorithm utilised).
  • an array of solar cells converts the image's light output into electric energy, while intensity variations in said light are of sufficient amplitude as to allow simple and reliable decoding of the server's request, as shown in the oscilloscope recording inserted at the bottom of Figure 1a (example obtained by recording the voltage output of a string of 4 cells of the type used in solar powered calculators, terminated on a suitable load).
  • the solar cells output is also used to recharge an energy storage element, such as for example the capacitor drawn in Figure 1a, by means of suitable energy conditioning circuitry (schematically represented as a diode in Figure 1a).
  • a Micro Processor Unit, MPU can then draw its supply from said energy storage element, while a suitable DECODE interface circuitry, and associated software, allows decoding of the code embedded in the sequence of images.
  • the MPU has now all the data needed for computing the OTP, which is then shown on the token's display device.
  • the energy conditioning circuitry might indeed simply consist in a low drop Schottky rectifier, but more efficient and advanced solutions exist, and which are commonly known to the skilled in the art: MOSFET transistors driven as synchronous rectifiers, micropower switching mode boost converters capable to keep charging the energy storage element even at Vmin solar cells output, and all other obviously applicable solutions.
  • Suitable solar cells are commercially available, which are very thin and flexible, ideal characteristics for being integrated in credit card type of tokens.
  • Computer screens and monitors can easily produce images with brightness in excess of 200 cd/m², so that less than about 10 cm² of total solar cells array area would typically generate sufficient energy.
  • the skilled in the art can then figure out how to best connect the required number of solar cells, in conventional series and-or parallel configurations.
  • Concerning the display device several different technologies are nowadays available which allow the manufacturing of very thin and flexible displays.
  • a suitable micropower MPU would normally consume a few tens of μW, requiring peaks of a couple of mW, lasting a couple of msec, only during EEPROM locations writing.
  • Such peaks of energy demand can easily be buffered by a capacitor(s) totalling a few μF, which a suitable array of solar cells can recharge in less than one second of typical white screen light illumination.
  • the MPU would verify the amount of energy available (by monitoring the voltage across the storage capacitor) before starting any peak energy demanding task.
  • the skilled in the art can therefore imagine several possible coding schemes producing a worst case total light output such as to always guarantee sufficient energy storage, while ensuring at the same time reliable and easy decoding.
  • each coding sequence of bright and dark images could be repeated several times, or continuously, as to allow the MPU to verify multiple times the correct reading of the server's requests, while at the same time generating enough energy for the MPU needs.
  • the dark image does not need to be pure black, but a best trade-off can be found by means of which colour and brightness of the bright image are selected to match, as far as possible, the solar cell(s) spectral response, so as to guarantee that energy output is maximised, even under worst case conditions.
  • the dark image too could be optimised for colour and relative brightness (with respect to the bright image), as to guarantee reliable decoding while maximizing the total solar cell(s) energy output.
  • the modulations in brightness are detected by a separate photo sensing element, as to allow more flexibility in the detailed design of the coding scheme and of the circuitry for its decoding.
  • a very convenient way to realise said photo sensing element could for example consist in reserving a fraction of the total area of the solar cells array as to obtain a very small cell dedicated to this purpose.
  • a second constantly bright area could be placed just next to the screen area already displaying the sequence of images coding the server's requests. Some kind of reference lines and-or symbols drawn on the token would then help the user to correctly place it, for example by positioning said reference lines and-or symbols as to match the edge between said screen areas, as shown in figure 2A.
  • figure 2B schematically illustrates a token featuring two photo sensing elements, each facing different portions of the screen, both of varying brightness, allowing more complex coding schemes to be implemented, such as for example:
  • one of the sensors could be used to convey a conventional CLOCK signal, to help in properly timing the sampling of the output signal of the other sensor, hence sparing those time intervals, such as trains of pulses and the like, usually required for periodic synchronisation by most serial communication protocols.
  • Another possible approach could consist in encoding the server's request into variations of the relative brightness between different screen portions and of varying brightness, so that by suitably subdividing into multiple discrete levels the analogue value of said relative brightness the overall data rate could be increased significantly.
  • a very convenient way to realise photo sensing elements sensitive to defined portions of the coding image emission spectrum could for example consist in reserving a fraction of the total area of the solar cells array as to obtain a number of small cells dedicated to this purpose. Each cell would then be covered by an optical filter (in practice a coloured film of transparent plastic material) tuned to that particular portion of the emission spectrum.
  • the token specific Random Seed and Salt could be programmed into the MPU at the manufacturing stage, or also later on by using a similar method as used for reading server's requests from the screen, but carried out on a secure terminal (for example a workstation at a secure location), before delivery of the token to the customer.
  • Such programming terminals could be chosen of a particularly bright type, so that the higher rate of energy generated by the solar cells would allow to considerably speed up the programming time required for each token.
  • the programming could take place also by means of the already present electrical contacts.
  • the last recorded date and time value could also be displayed each time sufficient light illuminates the array of solar cells. If the recording, in the MPU EEPROM, of the last decoded "Current Time" value is allowed only when said value corresponds to a more recent time with respect to the one currently stored, then the user could easily verify: whether the token has been used without the user knowing; whether the token was temporarily removed, without the user knowing, by somebody who then exposed it to sequences of images encoding future values of the "Current Time", so as to later be able to use, at said dates and times, the "stolen" OTPs.
  • the corresponding EEPROM location can be deleted, and a counter updated, so that various ways can now be imagined for providing visual feedback to the user on whether somebody has temporarily taken possession of the token, without him knowing, and tried to "steal" the OTPs (or only some of them), by presenting to the token coded images consecutively asking for the stored OTPs.
  • the inventive step of this invention shall be understood as independent from a particular choice for the encryption algorithm, or coding scheme for the sequence of images, or visual feedback method, rather it consists in the idea of using the light output from the screen displaying the relevant login page, to convey both the server's requests and the energy needed to supply the token.

Abstract

An authentication token, one side of which features an array of solar cells of a very thin and flexible type, whereas the opposite side features a display device. The method consists in encoding the code sent by the server into a sequence of bright images interlaced with less bright ones. By placing the token in front of the portion of the screen displaying said encoding sequence, the light collected by the array of solar cells is sufficient to generate the energy required for supplying the token's microprocessor, while the variations in brightness are decoded so as to reconstruct the digital word representing the code sent by the server. Said code is then processed by the microprocessor to generate a One Time Password, OTP, which is then displayed on the display device. The user would then enter said OTP on the login page.

Description

TITLE
AUTHENTICATION METHOD AND TOKEN USING SCREEN LIGHT FOR BOTH COMMUNICATION AND POWERING
DESCRIPTION
The present invention describes a method and an apparatus to authenticate a user's identity, for gaining access to sensitive data and-or applications in a secure way, but without the need to insert the device into readers of any sort. Typical applications would for example be: internet remote shopping, remote home-banking and financial transactions, access to virtual private networks (VPNs), etc.
In a very useful embodiment, the apparatus would be integrated into a conventional credit card, so as to enhance security while using said credit card for payment authorisation. Several devices, known as authentication tokens, are commercially available which already feature similar functions, although obtained by other means. In particular, RSA Security Inc. and TRI-D Systems Inc. offer authentication tokens which generate One Time Passwords (OTPs), typically displayed on a Liquid Crystal Display (LCD), for authenticating a user identity when the user initiates a session to connect to a secure server from a client application. Existing authentication tokens generate OTPs in various ways.
A very common way, herewith called "Current Time Encryption", consists in encrypting the token's clock 64-bit standard ISO representation of Current Time, by means of a token specific true Random Seed and a token specific Salt (practically a serial number), both known also to the secure server the client is trying to gain access to, to then generate an OTP about every 60 seconds (an example is the SecurID® token from RSA Security Inc.). By entering said OTP on the login page, the user identity is then verified at the secure server side. The server would then include procedures to correct for token's clocks running slower or faster than its own Current Time clock.
Another known way, herewith called "Challenge Code Encryption", would make use of a keypad on the authentication token itself, by means of which a user can enter a one time Challenge Code sent by the server and displayed, for example, on the login page of the service the user is trying to gain access to. The token then encrypts said Challenge Code with a token specific true "Random Seed" and a token specific Salt, both also known to the secure server that the client is trying to gain access to, displaying then the resulting OTP on the LCD. By entering said OTP on the login page, the user identity is then verified at the secure server side.
Finally, yet another method would get away with the need for encryption algorithms at the token's side by simply storing in the token's EEPROM a lookup table containing several random OTPs, known only to the server and the token itself. At each login the server would then ask for the OTP stored at location x, which the token will then readily display.
The method and device disclosed by this patent can be used to implement "Current Time Encryption" and-or "Challenge Code Encryption" and-or "OTPs Table" types of authentication, whatever the choice of the detailed encryption algorithm. A typical embodiment would consist in a credit card size token, featuring on one side an array of solar cells (for example of the photovoltaic type), and on the other side a display device (ideally, of a thin and flexible type). After a user has entered the user ID, for example Alice, on the login page, the server displays a Challenge Code (or Current Time for the "Current Time Encryption" method), encoded in a sequence of bright and dark rectangles, which are then shown in an area of the screen approximately the size of a credit card. Alice can then lay the credit card size token against said image. The image light output is then sufficient to generate the energy required to power the Micro Processing Unit, MPU, contained within Alice's token, while at the same time the variations in the solar cells array output signal are processed by said MPU to decode the Challenge Code (or Current Time) sent by the server. Encrypting it together with the stored Random Seed and Salt, the MPU can then generate the OTP expected by the server. To verify whether such method was already covered by existing patents, a world-wide search was carried out in major patents databases, yielding the following results:
- PCT/US2004/004366 (referred to here as D1), "Portable Access Device", Bloomberg LP, February 13, 2004, discloses (Fig. 6) a portable access device capable of reading, by means of photosensors, modulated light signals from a computer monitor.
- US patent 5,777,903 (referred to here as D2), "Solar Cell Powered Smart Card with Integrated Display and Interface Keypad", Motorola Inc., July 7, 1998, discloses a smart card including an MPU, a display, a keypad, an interface for signals exchange with an external system, and photovoltaic cells for providing power.
- US patent 4,916,296 (referred here as D3), "Light Modulating Smart Card", D.A. Streck, April 10, 1990, discloses a smart card in one version of which, "solar cell(s) carried by the smart card convert light incident thereon into power for the card. In a variation thereof, there is a light splitter for splitting the beam of light into a portion directed on the solar cell(s) for producing power and a portion directed through the light modulator."
- US patent 4,978,840 (referred here as D4), "IC Card Having Energy Input and Data Exchange Elements on Opposite Sides Thereof", T. Anegawa, December 18, 1990, discloses an IC Card featuring one main surface with solar cells to generate power, and the other main surface with semiconductor photo-elements for contactless data exchange with an external reader.
- US patent 3,971,916 (referred here as D5), "Methods of Data Storage and Data Storage Systems", R. Moreno, July 27, 1976, discloses a card whereby "Coupling of the card and data-transfer means is effected optically by light-emitting diodes cooperating with photovoltaic piles, or by direct electrical contact".
The device described in D1, although capable of decoding light modulated signals conveyed by images displayed on a PC monitor, does so by means of photosensors and still requires a battery for powering the signal conditioning and processing electronics.
Concerning the device described in D2, although D2 does not explicitly mention this possibility, such type of Smart Card could indeed also be used for "Challenge Code Encryption" type of authentications. Alice would type on the card's keypad a "Challenge Code", as displayed by the server on the login page, the MPU would then generate an OTP, which Alice would enter on said login page. However, most users would find it simpler to lay a card against a rectangular image on the screen and just wait for the OTP to be generated and displayed on said card's display device, rather than type entries on a necessarily very small keypad. Furthermore, embedding a keypad in a credit card size device increases its manufacturing complexity, affecting cost and long term reliability.
D3, D4, and D5, all describe cards whereby optical means are used for both supplying energy to the card's circuitry, as well as for establishing data communication paths. However, for card interrogation and-or data exchange, they all require the card to be inserted in a suitable card reader specific to that particular type of card.
The present invention, instead, obtains similar capabilities by introducing a novel way to interrogate the authentication card, whereby the card is laid against an image on a computer screen, or other type of terminal, and whose light output is used both to supply energy to the card's internal circuitry, as well as to encode server's requests. A very convenient way to generate said sequence of images would consist in merging into a standard GIF animation a sequence of white rectangles suitably interleaved with black rectangles, but other equally effective methods can easily be imagined by the skilled in the art.
The inventive step of this invention is exemplified in Figure 1a, whereas Figure 1b depicts a practical example of how the token could be arranged for integration into a conventional credit card with smart chip (A). The shaded area B highlights one of the many possible locations for mounting the solar cell(s). Let us take the example of Alice connecting to a home banking service:
- Following a conventional procedure, the home banking service would ask for Alice's User ID, which Alice would enter to gain access to a login page of the kind shown in Figure 1a. On said page an area of approximately the size of a credit card displays a rapid sequence of bright images interleaved by dark ones, in a suitable way to encode the "Current Time" as broadcast by the server (typically, with updates about every minute), or to encode a suitably generated one-time "Challenge Code", that could also be periodically updated and broadcast to all users, or could otherwise be specific to each user (depending on the details of the specific encryption algorithm utilised).
- On the token's side facing said screen area, an array of solar cells converts the image's light output into electric energy, while intensity variations in said light are of sufficient amplitude as to allow simple and reliable decoding of the server's request, as shown in the oscilloscope recording inserted at the bottom of Figure 1a (example obtained by recording the voltage output of a string of 4 cells of the type used in solar powered calculators, terminated on a suitable load).
- The solar cells output is also used to recharge an energy storage element, such as for example the capacitor drawn in Figure 1a, by means of suitable energy conditioning circuitry (schematically represented as a diode in Figure 1a).
- A Micro Processor Unit, MPU, can then draw its supply from said energy storage element, while a suitable DECODE interface circuitry, and associated software, allows decoding of the code embedded in the sequence of images.
- The MPU has now all the data needed for computing the OTP, which is then shown on the token's display device.
- Finally, Alice enters said OTP on the login page, gaining access to the required service.
It shall now be remarked that when using an encryption method based on a "Current Time" or "Challenge Code" common to all users, and periodically updated (for example every one minute or so), and whose encoding image is broadcast on a TV channel, then secure home shopping for users without internet connection becomes possible (by dictating the OTP to the operator of the telephone number corresponding to that specific shopping or financial service).
The energy conditioning circuitry, schematically represented in Figure 1a as a diode peak charging a capacitor, might indeed simply consist in a low drop Schottky rectifier, but more efficient and advanced solutions exist, which are commonly known to the skilled in the art: MOSFET transistors driven as synchronous rectifiers, micropower switching mode boost converters capable of charging the energy storage element even at Vmin solar cells output, and all other obviously applicable solutions.
Suitable solar cells are commercially available, which are very thin and flexible, ideal characteristics for being integrated in credit card type of tokens. Computer screens and monitors can easily produce images with brightness in excess of 200 cd/m², so that less than about 10 cm² of total solar cells array area would typically generate sufficient energy. The skilled in the art can then figure out how to best connect the required number of solar cells, in conventional series and-or parallel configurations. Concerning the display device, several different technologies are nowadays available which allow the manufacturing of very thin and flexible displays.
A suitable micropower MPU would normally consume a few tens of μW, requiring peaks of a couple of mW, lasting a couple of msec, only during EEPROM locations writing. Such peaks of energy demand can easily be buffered by a capacitor(s) totalling a few μF, which a suitable array of solar cells can recharge in less than one second of typical white screen light illumination. Naturally, the MPU would verify the amount of energy available (by monitoring the voltage across the storage capacitor) before starting any peak energy demanding task. The skilled in the art can therefore imagine several possible coding schemes producing a worst case total light output such as to always guarantee sufficient energy storage, while ensuring at the same time reliable and easy decoding. In particular, between two consecutive updates from the server, each coding sequence of bright and dark images could be repeated several times, or continuously, so as to allow the MPU to verify multiple times the correct reading of the server's requests, while at the same time generating enough energy for the MPU needs.
Of course, the dark image does not need to be pure black, but a best trade-off can be found by means of which:
- colour and brightness of the bright image are selected to match, as far as possible, the solar cell(s) spectral response, as to guarantee that energy output is maximised, even under worst case conditions;
- the dark image too could be optimised for colour and relative brightness (with respect to the bright image), as to guarantee reliable decoding while maximizing the total solar cell(s) energy output.
In a variation of the method, the modulations in brightness are detected by a separate photo sensing element, as to allow more flexibility in the detailed design of the coding scheme and of the circuitry for its decoding. A very convenient way to realise said photo sensing element could for example consist in reserving a fraction of the total area of the solar cells array as to obtain a very small cell dedicated to this purpose.
In a further variation of the method, a second constantly bright area could be placed just next to the screen area already displaying the sequence of images coding the server's requests. Some kind of reference lines and-or symbols drawn on the token would then help the user to correctly place it, for example by positioning said reference lines and-or symbols as to match the edge between said screen areas, as shown in figure 2A. In this way the solar cells will face the constantly bright area, while a photo sensing element mounted on the same side of the token, but with an offset with respect to the array of solar cells, will find itself facing the area of variable brightness. The corresponding apparatus would be more complex (because of the presence of one additional sensing element), but it would allow higher rates of data transfer.
Following a similar approach, figure 2B schematically illustrates a token featuring two photo sensing elements, each facing different portions of the screen, both of varying brightness, allowing more complex coding schemes to be implemented, such as for example:
- one of the sensors could be used to convey a conventional CLOCK signal, to help in properly timing the sampling of the output signal of the other sensor, hence sparing those time intervals, such as trains of pulses and the like, usually required for periodic synchronisation by most serial communication protocols.
- Another possible approach could consist in encoding the server's request into variations of the relative brightness between different screen portions and of varying brightness, so that by suitably subdividing into multiple discrete levels the analogue value of said relative brightness the overall data rate could be increased significantly.
It is then easy to figure out how the same approach could be extended to the use of 3 photo sensing elements, or 4, or 5, and so on. Although the number of sensors could in principle be arbitrarily extended, one must also consider that subdividing the coding portion of the screen into more than 4 portions (for example 4 sectors separated by a cross) would make it progressively more cumbersome for the user to correctly position the token.
In yet another variation of the method, multiple individual sensors could be tuned to detect different portions of the emission spectrum of the images in the coding sequence, so that data could be coded also into the colour information. In a particularly straightforward embodiment three sensing elements, Sr, Sg, Sb, as shown in figure 2C, one for each of the three fundamental colours, red, green, blue, would decode variations in the brightness of each colour to transfer more bits at each sampling.
A very convenient way to realise photo sensing elements sensitive to defined portions of the coding image emission spectrum could for example consist in reserving a fraction of the total area of the solar cells array as to obtain a number of small cells dedicated to this purpose. Each cell would then be covered by an optical filter (in practice a coloured film of transparent plastic material) tuned to that particular portion of the emission spectrum.
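The two-sensor CLOCK/data variant described above, combined with the earlier idea of repeating the coding sequence so the MPU can verify its reading, as an added sketch that is not part of the patent (which deliberately fixes no coding scheme). Assumptions made here: plain level coding, MSB-first frames of known length, a capture that starts at a frame boundary, matched sensors so the clock sensor's levels calibrate the data threshold, and hypothetical function names with constructed sample traces.

```python
import random


def binarise(samples, dark, bright, hysteresis=0.15):
    """Convert analogue brightness samples to 0/1 with a hysteresis band,
    so a 'dark' image that is not pure black and sensor noise do not chatter."""
    span = bright - dark
    if span <= 0:
        raise ValueError("no brightness modulation detected")
    mid = dark + span / 2
    up, down = mid + hysteresis * span, mid - hysteresis * span
    state = 1 if samples[0] > mid else 0
    out = []
    for s in samples:
        if state == 0 and s > up:
            state = 1
        elif state == 1 and s < down:
            state = 0
        out.append(state)
    return out


def clocked_bits(clock_samples, data_samples):
    """Sample the data sensor on every rising edge of the clock sensor."""
    # Assumption: both screen areas use the same bright/dark levels, so the
    # always-toggling clock channel can calibrate the threshold for the data
    # channel (which may legitimately stay dark or bright for a whole frame).
    dark, bright = min(clock_samples), max(clock_samples)
    clk = binarise(clock_samples, dark, bright)
    dat = binarise(data_samples, dark, bright)
    return [dat[i] for i in range(1, len(clk)) if clk[i - 1] == 0 and clk[i] == 1]


def decode_request(clock_samples, data_samples, frame_bits, min_agree=3):
    """Return the server's request as an integer, or None when the repeated
    frames seen so far are too few or do not all agree."""
    bits = clocked_bits(clock_samples, data_samples)
    frames = [tuple(bits[i:i + frame_bits])
              for i in range(0, len(bits) - frame_bits + 1, frame_bits)]
    if len(frames) < min_agree or len(set(frames)) != 1:
        return None
    value = 0
    for b in frames[0]:
        value = (value << 1) | b
    return value


def render_traces(value, frame_bits, repeats, samples_per_bit=8,
                  dark=0.2, bright=1.0, noise=0.03, seed=1):
    """Constructed test input: what the two sensors would report while the
    screen repeats one frame. Data is held for the whole bit period and the
    clock rises in the middle of it, so data is stable at the sampling edge."""
    rng = random.Random(seed)
    bits = [(value >> (frame_bits - 1 - k)) & 1 for k in range(frame_bits)] * repeats
    half = samples_per_bit // 2
    clock, data = [], []
    for b in bits:
        for n in range(samples_per_bit):
            clock.append((bright if n >= half else dark) + rng.uniform(-noise, noise))
            data.append((bright if b else dark) + rng.uniform(-noise, noise))
    return clock, data


if __name__ == "__main__":
    clock, data = render_traces(0xB5, frame_bits=8, repeats=3)
    print(hex(decode_request(clock, data, frame_bits=8)))
```

Returning None rather than a best guess matters on the token: an OTP computed from a misread request would simply fail at the server, so the decoder keeps waiting for agreeing repetitions instead.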
The token specific Random Seed and Salt could be programmed into the MPU at the manufacturing stage, or later on, using a method similar to that used for reading the server's requests from the screen, but carried out on a secure terminal (for example a workstation at a secure location), before delivery of the token to the customer. Such programming terminals could be chosen of a particularly bright type, so that the higher rate of energy generated by the solar cells would considerably shorten the programming time required for each token. In an embodiment in which the token is integrated in a conventional smart card, the programming could take place also by means of the already present electrical contacts.
Concerning optimal coding schemes, no particular choice is detailed in this patent, as anyone skilled in the art can figure out several suitable solutions, and it would hence be too restrictive to bind the scope of this patent to a particular coding scheme.
Those skilled in the art will appreciate that several other useful features could be added, but which are of obvious derivation. An example is the possibility to implement software routines to provide the user with visual feedback on the token display device, such as the total number of times that the token has successfully decoded a "Current Time" or "Challenge Code", or the like. With a "Current Time" type of encryption, a very simple way to provide said visual feedback would consist in displaying the most recent value of date and time as soon as it is decoded by the token, and just before the OTP is generated, so that the user can directly verify whether the displayed date and time values are the correct ones, and not future values as phishing sites would attempt to broadcast in order to "steal" future values of a token's OTPs. After that, the last recorded date and time value could also be displayed each time sufficient light illuminates the array of solar cells. If the recording, in the MPU EEPROM, of the last decoded "Current Time" value is allowed only when said value corresponds to a more recent time with respect to the one currently stored, then the user could easily verify:
- whether the token has been used, without the user knowing;
- whether the token was temporarily removed, without the user knowing, by somebody who then exposed it to sequences of images encoding for future values of the "Current Time", as to later be able to use, at said dates and times, the "stolen" OTPs.
In the case of the "OTPs Table" method, after displaying the OTP, the corresponding EEPROM location can be deleted, and a counter updated, so that various ways can now be imagined for providing visual feedback to the user on whether somebody has temporarily taken possession of the token, without him knowing, and tried to "steal" the OTPs (or only some of them), by presenting to the token coded images consecutively asking for the stored OTPs.
Of course, if instead a "Challenge Code Encryption" approach is preferred, whereby the server, at each login, randomly generates user specific Challenge Codes, phishing attempts would not produce any practical result.
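The "Current Time" visual feedback and the write-only-if-more-recent EEPROM rule described above, as an added model that is not code from the patent. The OTP function (HMAC-SHA256 over Salt and time step, truncated to six digits), the integer time steps, the finding labels and all names are assumptions made for illustration; the patent leaves the encryption algorithm open.

```python
import hashlib
import hmac
import struct


def derive_otp(seed: bytes, salt: bytes, time_step: int, digits: int = 6) -> str:
    """Assumed OTP function: keyed hash of salt || time_step, truncated."""
    mac = hmac.new(seed, salt + struct.pack(">Q", time_step), hashlib.sha256).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class Token:
    """Models the MPU state that survives between illuminations."""

    def __init__(self, seed: bytes, salt: bytes):
        self._seed, self._salt = seed, salt
        self.last_time = 0   # EEPROM cell: last recorded "Current Time"
        self.otp_count = 0   # EEPROM cell: number of OTPs generated so far

    def present(self, time_step: int):
        """A decoded "Current Time" arrives: return the value to show the
        user first, then the OTP. The stored time is overwritten only by a
        strictly more recent value, so it can never be moved backwards."""
        if time_step > self.last_time:
            self.last_time = time_step
        self.otp_count += 1
        return time_step, derive_otp(self._seed, self._salt, time_step)

    def status(self):
        """What the display shows whenever enough light reaches the cells."""
        return self.last_time, self.otp_count


def review_status(token: Token, now: int, own_last_login: int, own_otp_count: int):
    """The check the user performs by reading the display: compare what the
    token recorded with what the user knows they did."""
    findings = []
    last_time, count = token.status()
    if last_time > now:
        findings.append("FUTURE_TIME_RECORDED")    # OTPs for later dates were requested
    elif last_time > own_last_login:
        findings.append("USED_SINCE_LAST_LOGIN")   # someone else used the token
    if count > own_otp_count:
        findings.append("UNEXPECTED_OTP_COUNT")
    return findings


def demo():
    """Constructed scenario: owner logs in at step 1000, the token is exposed
    to a future value (5000) without the owner knowing, owner logs in at 1100."""
    token = Token(b"constructed-seed", b"constructed-salt")
    token.present(1000)
    token.present(5000)
    token.present(1100)   # does not overwrite 5000, so the evidence persists
    return review_status(token, now=1100, own_last_login=1100, own_otp_count=2)


if __name__ == "__main__":
    print(demo())
```

Because a later legitimate login cannot lower the stored value, the future timestamp stays on the display until real time catches up with it, which is what makes the user's check reliable.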
The inventive step of this invention shall be understood as independent from a particular choice for the encryption algorithm, or coding scheme for the sequence of images, or visual feedback method, rather it consists in the idea of using the light output from the screen displaying the relevant login page, to convey both the server's requests and the energy needed to supply the token.
It shall be appreciated that those skilled in the art, building on the features of the invention described above, now could easily imagine many changes, modifications, and-or substitutions.
The following claims are intended to cover such changes as fall within the scope of the inventive step detailed in the above description.

Claims

1. A contactless method to optically transfer server's requests to an authentication token, while at the same time supplying it with power, by means of the light emitted by portions of the screen, or monitor, displaying said server's login page; characterised in that said method is arranged for using a Microprocessor Unit, MPU, which also includes a non volatile memory, such as for example of the EEPROM type, to obtain a One Time Password, OTP, by applying known encryption methods, such as for example "Current Time Encryption" and-or "Challenge Code Encryption", or by applying the "OTPs Table" method;
- whereby the code sent by the server, as input to the OTP generation process carried out by said MPU is conveyed by means of a suitable sequence of images encoding said input code as variations in the corresponding screen light output, sequence which could be directly assembled by the server or by any suitable applet running on the client's application;
- an array of solar cells is then used to convert said variations of the screen light output into correspondingly varying electrical signals, for decoding by a suitable decoder circuit, while at the same time generating sufficient energy to cover the token's energy demand;
- the token then displays said OTP on a suitable display device, so that the user can then enter it on the server's login page; said display device could also be used to provide visual feedback to the user, for example about the total number of OTPs so far generated, most recent values of date and time of OTP generation, or any other effective method; for users with no internet access, transactions via telephone operator, such as for example purchases ordered by telephone, special phones could be devised featuring a suitable light source, modulated to encode the server's requests, or it is also possible to imagine a TV channel continuously broadcasting a sequence of images encoding an input code common for all users, periodically updated for example every minute or so, and which will then be shown to the token at the requests of the operator, as to generate the corresponding OTP.
2. Apparatus implementing the method described in Claim 1, comprising:
A MPU with memory, an array of solar cells, decoding circuitry, energy conditioning and storage circuitry, and a display device, suitably arranged to fit into a credit card size token characterised in that the energy demanded by said MPU for carrying out the required tasks is generated by a solar cells array, mounted in a suitable way for collecting the light emitted by the portion of the screen displaying the sequence of images coding for the server's request; said solar cells array is of a thin and flexible type, suitable for withstanding the same type of mechanical stress usually experienced by credit cards, and which could, in case, be aided by additional solar cells mounted on the token side illuminated by ambient light, or it could even be of a double sided type, as to allow the collection of light from both sides of the token;
- the energy conditioning and storage circuitry could simply consist of a rectifier connected in order to peak charge a capacitor(s), super-capacitor(s), or other energy storage element(s), but it could also consist of other more efficient solutions known to the skilled in the art, as suggested in the description; the decoding circuitry is implemented according to any of the numerous techniques, known to the skilled in the art, which could be used for converting the variations of the solar cells output signal into the digital word(s) representing the server's request, i.e.: the input code for the encryption process to be carried out by said MPU.
3. Apparatus as claimed in Claim 2, characterised in that the task to convert the variations in the screen light output is carried out by a dedicated photo sensing element, as to allow more flexibility in the detailed design of the coding scheme and of the circuitry for its decoding, and which, in a particularly convenient embodiment, could for example be realised by reserving a fraction of the total area of the solar cells array to a very small cell dedicated to this purpose.
4. Apparatus as claimed in Claim 3, characterised in that said dedicated photo sensing element is positioned with an offset with respect to the solar cells array, in a way that, when the token is correctly positioned against reference edges on the screen image, said photo sensing element will be illuminated in a different way than the solar cells array, which will instead face a maximally bright area, while the photo sensing element will find itself facing the area of variable brightness.
5. Apparatus as claimed in Claim 4, characterised in that the number of said dedicated photo sensing elements is increased to two or more, each facing dedicated portions of the screen, displaying sequences of images of differently varying brightness, and with the aim to simultaneously encode more bits, and-or a clock signal, by any suitable encoding method, including those methods exploiting the possibility to subdivide into discrete analogue levels variations in the relative brightness between different portions of each image part of the coding sequence.
6. Apparatus as claimed in Claim 3, characterised in that the number of said dedicated photo sensing elements is increased to two or more, with each photo sensing element tuned to a different portion of the emission spectrum of the coding sequence of images, so that data could also be coded into colour information by any suitable encoding method, including those methods exploiting the possibility to subdivide in discrete analogue levels variations in the relative brightness of the emissions into the corresponding colour range.
7. Apparatus as claimed in Claim 6, characterised in that said photo sensing elements sensitive to defined portions of the emission spectrum, of the coding sequence of images, could for example be realised by reserving a fraction of the total area of the solar cells array as to obtain a number of small cells dedicated to this purpose, whereby each cell would then be covered by an optical filter, such as for example a coloured film of plastic material, tuned to that particular portion of the emission spectrum.
8. Apparatus as claimed in Claims 2, 3, 4, 5, 6, 7 characterised in that it is arranged as to allow integration into conventional credit cards and-or smart cards, and-or radio frequency identification cards, whether or not such cards feature additional card specific user identification means based on known methods, such as for example on-card keypads or on-card biometric sensors.

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
IT000453A ITMI20070453A1 (en) 2007-03-07 2007-03-07 METHOD AND DEVICE FOR AUTHENTICATION OF THE IDENTITY IN WHICH IT IS POSSIBLE TO GENERATE ACESS CODES BY USING THROUGH THE DECODING OF IMAGES WHERE THE LIGHT IS ALSO USED FOR THE SUPPLY OF THE SAME DEVICE
PCT/EP2007/010849 WO2008107008A1 (en) 2007-03-07 2007-12-12 Authentication method and token using screen light for both communication and powering

Publications (2)

Publication Number Publication Date
EP2137665A1 true EP2137665A1 (en) 2009-12-30
EP2137665B1 EP2137665B1 (en) 2013-03-20

Family

ID=39226598

Family Applications (1)

Application Number Title Priority Date Filing Date
EP07856597A Active EP2137665B1 (en) 2007-03-07 2007-12-12 Authentication method and token using screen light for both communication and powering

Country Status (4)

Country Link
US (1) US20100088754A1 (en)
EP (1) EP2137665B1 (en)
IT (1) ITMI20070453A1 (en)
WO (1) WO2008107008A1 (en)

Also Published As

Publication number Publication date
EP2137665B1 (en) 2013-03-20
ITMI20070453A1 (en) 2008-09-08
WO2008107008A1 (en) 2008-09-12
US20100088754A1 (en) 2010-04-08

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20091005

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LI LT LU LV MC MT NL PL PT RO SE SI SK TR

RAP1 Party data changed (applicant data changed or rights of an application transferred)

Owner name: C-SIGMA S.R.L.

RAP1 Party data changed (applicant data changed or rights of an application transferred)

Owner name: KOROTEK S.R.L.

Owner name: C-SIGMA S.R.L.

DAX Request for extension of the european patent (deleted)
17Q First examination report despatched

Effective date: 20111025

GRAP Despatch of communication of intention to grant a patent

Free format text: ORIGINAL CODE: EPIDOSNIGR1

GRAS Grant fee paid

Free format text: ORIGINAL CODE: EPIDOSNIGR3

REG Reference to a national code

Ref country code: DE

Ref legal event code: R079

Ref document number: 602007029247

Country of ref document: DE

Free format text: PREVIOUS MAIN CLASS: G06F0021200000

Ipc: G06F0021350000

GRAA (expected) grant

Free format text: ORIGINAL CODE: 0009210

RIC1 Information provided on ipc code assigned before grant

Ipc: G06F 21/44 20130101ALI20130207BHEP

Ipc: G06F 21/35 20130101AFI20130207BHEP

AK Designated contracting states

Kind code of ref document: B1

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LI LT LU LV MC MT NL PL PT RO SE SI SK TR

REG Reference to a national code

Ref country code: GB

Ref legal event code: FG4D

REG Reference to a national code

Ref country code: CH

Ref legal event code: EP

REG Reference to a national code

Ref country code: IE

Ref legal event code: FG4D

REG Reference to a national code

Ref country code: AT

Ref legal event code: REF

Ref document number: 602465

Country of ref document: AT

Kind code of ref document: T

Effective date: 20130415

REG Reference to a national code

Ref country code: DE

Ref legal event code: R096

Ref document number: 602007029247

Country of ref document: DE

Effective date: 20130508

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: LT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20130320

Ref country code: ES

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20130701

Ref country code: BG

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20130620

Ref country code: SE

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20130320

REG Reference to a national code

Ref country code: AT

Ref legal event code: MK05

Ref document number: 602465

Country of ref document: AT

Kind code of ref document: T

Effective date: 20130320

REG Reference to a national code

Ref country code: LT

Ref legal event code: MG4D

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: LV

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20130320

Ref country code: GR

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20130621

Ref country code: SI

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20130320

Ref country code: FI

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20130320

REG Reference to a national code

Ref country code: NL

Ref legal event code: VDEP

Effective date: 20130320

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: BE

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20130320

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: RO

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20130320

Ref country code: AT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20130320

Ref country code: SK

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20130320

Ref country code: CZ

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20130320

Ref country code: IS

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20130720

Ref country code: NL

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20130320

Ref country code: PT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20130722

Ref country code: EE

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20130320

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: PL

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20130320

Ref country code: CY

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20130320

PLBE No opposition filed within time limit

Free format text: ORIGINAL CODE: 0009261

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: NO OPPOSITION FILED WITHIN TIME LIMIT

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: DK

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20130320

26N No opposition filed

Effective date: 20140102

REG Reference to a national code

Ref country code: DE

Ref legal event code: R097

Ref document number: 602007029247

Country of ref document: DE

Effective date: 20140102

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: FR

Payment date: 20131230

Year of fee payment: 7

REG Reference to a national code

Ref country code: CH

Ref legal event code: PL

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: LU

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20131212

Ref country code: MC

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20130320

REG Reference to a national code

Ref country code: IE

Ref legal event code: MM4A

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: IE

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20131212

Ref country code: CH

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20131231

Ref country code: LI

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20131231

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: TR

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20130320

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: HU

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT; INVALID AB INITIO

Effective date: 20071212

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: MT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20130320

REG Reference to a national code

Ref country code: FR

Ref legal event code: ST

Effective date: 20150831

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: FR

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20141231

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: IT

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20151212

PGRI Patent reinstated in contracting state [announced from national office to epo]

Ref country code: IT

Effective date: 20170710

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: GB

Payment date: 20171231

Year of fee payment: 11

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: DE

Payment date: 20180102

Year of fee payment: 11

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: IT

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20171212

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: IT

Payment date: 20180102

Year of fee payment: 11

PGRI Patent reinstated in contracting state [announced from national office to epo]

Ref country code: IT

Effective date: 20190408

REG Reference to a national code

Ref country code: DE

Ref legal event code: R119

Ref document number: 602007029247

Country of ref document: DE

GBPC Gb: european patent ceased through non-payment of renewal fee

Effective date: 20181212

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: DE

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20190702

Ref country code: IT

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20181212

PGRI Patent reinstated in contracting state [announced from national office to epo]

Ref country code: IT

Effective date: 20190408

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: GB

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20181212